InfoSec Handlers Diary Blog

The original patch from Microsoft caused issues with dialup.Revised patch development was discussed by Microsoft.Exploit code is available that leverages this issue.This allows an authenticated attacker to execute arbitrary code on unpatched Win2k, Windows 2003 and XP SP2 systems.On versions that still allow anonymous connections/null sessions, an attacker could execute arbitrary code without authentication.

UPDATE: Microsoft has released on official comment at http://www.microsoft.com/technet/security/advisory/921923.mspx

The gist: MS06-025 works to protect against the published exploit.Un-patched Windows 2000 systems are primarily at risk from this vulnerability.Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1 require the attcker to have a valid login.Windows 98, 98SE and ME are not affected by this vulnerability.

UPDATE 2

To clarify things a bit with some extra information we received in the mean time.

Windows 2000 Service Pack 4 and Windows XP Service Pack 1 systems are primarily at risk as this vulnerability can be exploited by an anonymous user that needs to deliver a specially crafted message to the vulnerable system. If you are running any of these install the patch as soon as possible.

On Windows XP Service Pack 2 and Windows 2003 systems, a user has to be authenticated (has to have valid credentials) to the system to exploit the vulnerability.

To help clearly identify the issues, exploit code and remedy related to the recently announce Excel vulnerabilities, I offer this humble correlation. This information comes from Microsoft, Mitre, and vigilant readers sending in tips. My thanks go to all.